Operation Mermaid is a series of outbound APT attacks that target government entities. It has been active for 6 years since April, 2010 with a latest activity being detected in January, 2016. As of now, we have captured 284 pieces of malicious code samples and 35 CC domains connected to it. Sufficient evidence has been found that the Mermaid turns out to be the APT organization behind the attacks on Denmark Embassy